I'm imagining a scenario where the user can set a password via the DSLR menu, and then all files on the memory card are encrypted via a standard reversible encryption protocol such that the contents can only be read if the viewer knows the key.

This would prevent self-incrimination, for example if your camera is seized and the photos therein are used as evidence against you.

In any case, while we can argue the politics, I'd rather not do it here. This is a site about photography and about cameras. While the question has inherent political undertones, let's keep the answers geared toward the technical side, please, and where they must venture beyond that, try to be balanced and objective. If you want to debate the virtues of a police state and the relative merits of a free press, there are plenty of other online forums for that.
– mattdm, Jan 26 '13 at 6:17

2

+1 while I totally agree with your point, I will totally disregard it (sorry) just to point out the obvious; if "they" see encryption then there is a very good chance that they will hold you in custody until you divulge the password, whether by use of force or lawyer (and I am not sure which I fear more).
– Mawg, Jan 26 '13 at 8:09

I think that's fine; it's arguing about whether that's a good or bad thing which I want to avoid.
– mattdm, Jan 26 '13 at 15:31

In this sort of situation I think it would be better to make 'crypto cards'. These would be memory cards that are write only. They could be then read back with a special card reader that has the key on it. In a really sensitive situation the card could be designed to erase / destroy itself if it detects tampering (like a batch read, or attempt to read outside the DCIM directory, like if you put the card in a PC). This solution could also make it so that the user does not have access to the key, such as if the card had to be sent to a secure facility for decryption.
– Phil, Jan 26 '13 at 19:23

Even better, the card (or the camera) could not just encrypt but also hide the secret photos and still look like a regular innocent card containing safe content, so after the bad guys have you, you won't be immediately tortured to reveal your secret key.
– szulat, Jan 12 at 19:24

That doesn't necessarily mean that the encryption aspect is broken, because when done right, this is actually an easier problem than verification (which attempts to sign something while hiding the ability to sign things — intrinsically flawed). I disagree with another answer here which says it's impossible to do in a practical way, but I'm not finding good documentation on how Canon's system was implemented (in general, good security has an open design) and given Canon's record here I definitely wouldn't trust it.

Lexar sold a CF card which, in combination with the Nikon D200 would require hash-based authentication before allowing access to the card. This was sometimes represented as encryption, but was not. For details, read this blog post by security expert Bruce Schneier, and the comments, but in short, no real encryption — and not available for current cameras anyway.

Even if you could properly encrypt in-camera, I'm pretty sure that in any situation where you might be incriminated by photos on an encrypted device where you refuse to turn over the keys, they'll find some way to imprison or otherwise punish you for not doing it. This is, for example, the law in the UK. And in the US, if the prosecution "knows" about the presence of incriminating files, courts have ruled that it's not a 5th amendment violation to make you turn them over. In more totalitarian situations, you might not even get that much of a benefit. (Let's say, for example, you are located in China — there, it's illegal in itself to have encryption software on your computing devices without declaring it.)

You can use something like a layered encryption system with chaff and a false "safe" partition, but if the government thinks you're up to something, that probably won't really help.

It might be possible to add encryption to the CHDK or even Magic Lantern firmware hacks, but I think it's complicated and large enough that I wouldn't count on it. Another approach might be with an Android app, but you'd want to be very careful that the data never hits flash in an unencrypted form, and I'm not sure how the internals of the camera API work. Unfortunately, I'm not aware of any such app.

For this to be secure, you need to use a public key algorithm, encrypting with the public key and with the private key elsewhere — you'd have no way to review the images on the device at all. This is somewhat inconvenient, but no more than the inconvenience of waiting til you get to a lab to see what's on a roll of film.

If you are sure of the security of your desktop or laptop computer, you could keep the private key there — if you're planning to edit or manipulate the photos on that device, it's already the weak link, so no point in pretending it's not. In some situations, that may not be adequate, and you could leave the private key somewhere completely safe. If the key is held at home in another country, this may have other advantages, since you could plausibly say that nothing you can do can reveal the secret. (It might not go well for you, but the data would remain safe.) Practically speaking, a moderately-sized key will provide protection for all reasonable attacks, and a larger key will last until everyone alive today is dead, NP is shown to equal P, or quantum computers become a reality (which is certainly at least a while away).

However, again, I'm not aware of any camera or app which does any of that.

So, your best bet may be to keep only a very few files on cards and completely destroy the cards after use. (Just erasing, even with a secure-delete application, will not be enough, and as per your prior question, biting and swallowing the card won't do it either.) And of course, this won't protect you from other risks not directly related to the exposure of your images.

Actually, the legal issues behind forcing folks to give up pass-phrases are unclear, it hasn't been reviewed at the high levels, at least in the US. But this is not a legal forum. There are many techniques that might be used, but usually it's the other way around, you use steganography to hide a secret message in a photo, not to hide the photo, they tend to be large.
– Pat Farrell, Jan 26 '13 at 5:16

2

More on the state of key disclosure law worldwide at Wikipedia. You're right that it's not settled in the US, but presently there's enough ambiguity that I think it's fair to say that there is no guarantee of fifth amendment protection.
– mattdm, Jan 26 '13 at 5:29

It's not just China, a decade ago, strong crypto was illegal in France. I haven't checked recently. There are lots of dictatorships and totalitarian governments in the world, so there are lots of examples where you may be thrown in jail or worse.
– Pat Farrell, Jan 26 '13 at 17:35

I mention China in specific because that's where Andrew lives.
– mattdm, Jan 26 '13 at 17:41

This will simply not work. Encryption works well to protect data in transit, say a diplomatic cable or attack plans of the military. It does not work well against static data. I don't believe that even dedicated journalists will use it properly to achieve their desired goal.

Once the "bad guy" has your data, they can take their time cracking it. In your example, the bad guys would have your camera and your SD/CF cards.

If you used a well implemented, strong cryptography with a proper random key, you are protected against casual bad guys. Ignoring for a moment the fact that it's actually quite hard to properly implement strong cryptography, how good is your key?

Most humans are terrible at passwords and keys. Most people pick really weak passwords, starting with "password" or "qwerty". Any modern PC can break the security by simply trying the top 100,000 common passwords, often in a small number of minutes.

If you are going up against a serious foe, say a National security agency (FBI, MI-6, KGB, etc.) they will have specialized hardware that is many orders of magnitude more powerful than a simple PC.

A more sane way to keep from being thrown in jail over your photos is don't take photos where they tend to throw you in jail.

I wouldn't suggest hacking up the encryption on your own, but well-known modern encryption algorithms with large enough keys (not passwords) will be able to stand many years of computing power even from large governmental security agencies. I agree that it won't really work, but for human reasons, not technical ones. As for avoiding taking pictures which governments might not like: the world is not free from totalitarianism, and photographs are a powerful weapon for good.
– mattdm, Jan 26 '13 at 3:07

5

Data at rest can still substantially benefit from encryption, this has been a truism since the rise of encryption from 20th century warfare. The basic idea is that encryption sufficiently bars the door long enough for the data to be useless. For example, since I live with the world of PA-DSS, credit cards should be encrypted in a database if stored. This isn't to prevent a breach that reveals the cards, it's to give time to ensure the card numbers are rendered useless when they're finally revealed.
– John Cavan♦, Jan 26 '13 at 4:53

5

If you edit your answer to say "If such a device existed, you would have to be careful to use it properly to get the benefit", I'll change my vote. I think it would actually be fairly easy to implement in a strong way, though: the camera holds a GPG public key and encrypts all saved data with that. The photographer does not have the private key: that is held by the news agency back home. Hard for the photographer to mess up, and very hard to break. I'm sure there are many variants and even completely different schemes which would be effective.
– mattdm, Jan 26 '13 at 5:24

2

If you are planning to use Lightroom, Aperture, or etc., the private key can reside on that system. You can call that "your" key or whatever; I think it's most helpful to consider it as the private key matching the camera. It can reside there because you'll need the "plaintext" image to work on in any case, so your image security is only as great as that of your laptop or desktop. For many situations, that may be adequate. For situations where the risk is great, being completely unable to view or edit the files because you don't have the corresponding private key may be an advantage.
– mattdm, Jan 30 '13 at 0:27

Canon's OSK-E3 kit also supports encryption. It is compatible with EOS-1Ds Mark III, EOS-1D Mark III. After inserting the special initialized card into the registered camera, all the images you take will be encrypted. You can decrypt the images using a special utility called Original Data Security Utility.

The originality validation function of this tool has been cracked, so I wouldn't trust this kit too much.

Woah; I'll have to revise my answer. I'll look into the details more, but verification is actually harder than encryption. The crack is just that they were able to get the signing key out of a camera — having done that, you can sign (or encrypt) images as if they came from that camera, but assuming they use a public-key encryption scheme (and do it properly, and use large enough keys) having that key still won't let you unencrypt the images.
– mattdm, Jan 26 '13 at 15:38

Looks like they also only used one verification key per model rather than the more difficult but correct approach of having one per camera. See full presentation on hack. They mix it with a "board id" for uniqueness, but that's obviously useless for encryption.
– mattdm, Jan 26 '13 at 15:46

(Looking now to find details of how the encryption works -- if it uses the same approach, it's no good.)
– mattdm, Jan 26 '13 at 15:47

1

As far as I can determine, the kit is designed to protect the temporary "scoop" value of an image more than anything else. All encryption is temporary in the broadest sense, of course, but there's a significant difference between the "it's not worth trying to steal these images" level and the "these images are evidence against the photographer" level of deferring plaintext availability.
– user2719, Jan 26 '13 at 16:16

I can see protecting something for the length of a "scoop" but not long enough to keep you out of jail. @stan is 100% right, with enough time, all encryption can be broken, the engineering trick is to make the time to break it be far longer than the value of the information. Any plan that uses a dongle, smartcard, or "special utility card" is clearly as weak as the dongle. And how do you enter your strong passphrase into the dongle?
– Pat Farrell, Jan 26 '13 at 17:25

I understand that this question is about DSLR cameras, so this answer might be off-topic, but for the sake of completeness, if you also include point-and-shoot cameras then,

Samsung Galaxy Camera (or any upcoming Android based camera) can encrypt the storage medium. Additionally it also offers Wi-Fi and cellular connectivity options (GSM/3G/LTE), in case you want to upload sensitive data to an off-site location in panic situations. Being on Android platform, you also have accessibility to applications that can give you some plausible deniability in preliminary investigations by hiding/obscuring your pictures (keep in mind though that you can not solely rely on obscurity, for security).

If you take a different approach, I think you could technically reach your stated goal, but it will fail politically.

I don't believe that any "camera" will work, as you have to enter a strong key/passphrase. It's hard enough to get humans to use strong passphrases when they have a keyboard. On a camera, you have only a half-dozen to a dozen buttons and a couple of dials. Entering a strong passphrase is going to be so tedious that it will fail.

But, if you ask a slightly different question: Can a smartphone be made to encipher its photos, the answer is clearly yes. On Android, it would be straightforward to port PGP/GPG to run, and you might even make a fairly user-friendly front end for it. This would let the user potentially enter a strong passphrase. Current smartphones take very good photos.

That said, I think the technical issues are not the weakness in the approach. If you have a bunch of big enciphered files (and photos are big), and the bad guy sees them, then that will be a prime cause to raise suspicions that you have illegal photos. In repressive countries, this alone will likely cause the rubber hoses and water pails to come out to force you to give up the encryption key.

You could use a version of steganography that displays a photo of say cute kittens when someone looks at your photos of the secret police beating protestors. This may let you past the first level, local police. But any serious investigation will quickly see that the image of the kittens is far smaller than the actual file size, and then they will look for whatever it is you are hiding.

It is correct to say that a proper key with 128 bits of entropy feeding a modern cipher such as AES will be strong enough to keep even a national security agency away for a few years. Of course, you will be in jail, and probably be tortured during these years. And no one will see your photos of the injustice. However, zero passwords and nearly zero passphrases actually have 128 bits of entropy. So in practice, dictionary attacks are far more likely to succeed than the original poster of this question would like.

The answer depends on what you want to protect, who from and how long.

There is (or rather was as I can't find it for sale) the Lexar LockTight(tm). A CF card which will not respond until it receives an authentication handshake (160-bit SHA1 for those who know what that means).

The crypto is fairly weak by modern standards and requires camera support (the likes of the D200, D2H/X had it). It would stop a non-techy from 'borrowing' the card and simply copying / viewing it.

However, if your camera was taken then there would be nothing stopping them from viewing the images there as it would contain the key and it wouldn't stand up to sustained attack with modern hardware or techniques for long.

You'd need your own firmware for a camera or open source hardware like the Stanford Frankencamera and build that with secure key storage and enough computational grunt to be able to do strong enough crypto to make it worthwhile.

I think you might want to consider an alternative method to encryption. One thing we can assume is a person who wants to go through your pictures will usually open the first one on the list. With this assumption in place you can create a simple script that will wipe your pictures when it is opened. The script will have a picture icon and will be named in the same format your camera names pictures.

So when thief joe or officer bob goes to F:/dcim/01.jpg the script will be opened and it will begin to format f:/ drive. The reason you would want to format instead of a simple "select all delete" is once you begin to format an sd card it is difficult to stop. If they pull the card out of the computer then the risk of corruption is very high. This will work in your favor.

Depending on the operating system you can also have a script on the sd labeled autorun. This will start the script as soon as it is plugged into a computer. You can have the script request username and password. If a username or password is not inserted or if the window is closed or if the username and password is inserted incorrectly after x times then it will format the card.

TL;DR: Instead of looking into a camera that offers encryption you should look into various ways of adding security to the SD Card.

Some of my friends just recently started despectacle.com offering a microSD card adapter called "CryptSD" which would do pretty much what you are looking for. Though the encryption is not done by the camera, but the SD card adapter itself.

Not quite sure when it is going to be officially launched, but I guess you don't mind waiting a little longer given that the question is almost two years old.

How is this even possible? Sure, the card may internally encrypt the data but the camera needs to see the raw decrypted data, so the card decrypts it on the fly when accessed... but then, what's the point? Also, where do you enter the key?
– André Daniel, Jan 13 at 20:32

Think they are going to use a combination of public key cryptography and symmetric keys allowing it to still look at your pictures as long as the camera is on. Once turned off, your pictures are "gone". Meaning, the camera can't read them anymore.
– Alex, Jan 14 at 20:24

Yeah that makes sense, just like full disk encryption (LUKS for example), but the problem is how do I first enter the key?
– André Daniel, Jan 14 at 20:58

Shouldn't be a problem. That's the beauty about public key cryptography. Just generate a "session key", encrypt it with the pub-key, store it somewhere and encrypt all the pictures with the session key. Done.
– Alex, Jan 15 at 19:49

1

It is actually quite simple. Whenever the camera is turned on, a new session key is generated to encrypt the pictures. This session key is held in memory as well as saved onto the sd card (encrypted, using the public key). As long as the sd card is still powered, you will be able to encrypt & decrypt the pictures you have taken. Once the sd card is turned off (aka. camera off), you will no longer be able to read the pictures you have already stored on the sd card. Of course, you are still able to access them from your computer by entering your PW.
– Alex, Jan 18 at 12:07
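
The scheme from the answer above (encrypt on the camera with a public key whose private half is kept elsewhere) combined with the per-power-on session key from Alex's comments, as an added example that is not code from any of the posts or from any camera or card vendor. The `Camera` class, the function names, the stored layout and the choice of RSA-OAEP with AES-256-GCM are assumptions; the key pair and image bytes are constructed.

```ruby
require 'openssl'
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# AES-256-GCM per photo; stored layout: nonce (12) | tag (16) | ciphertext.
# The file name is authenticated, so a renamed or swapped file fails to open.
def seal_photo(key, name, image)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv # fresh 96-bit nonce for every photo
  c.auth_data = name
  ciphertext = c.update(image) + c.final
  nonce + c.auth_tag + ciphertext
end

def open_photo(key, name, blob)
  raise ArgumentError, 'truncated file' if blob.bytesize < 29
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = blob.byteslice(0, 12)
  d.auth_tag = blob.byteslice(12, 16)
  d.auth_data = name
  d.update(blob.byteslice(28..-1)) + d.final # CipherError if anything changed
end

class Camera # hypothetical camera side: it is given the PUBLIC key only
  attr_reader :wrapped_key # RSA-OAEP(session key), written to the card

  def initialize(public_key)
    @session = OpenSSL::Random.random_bytes(32) # new at every power-on, RAM only
    @wrapped_key = public_key.public_encrypt(@session, OAEP)
  end

  def save(name, image)
    raise 'camera is off: no session key' unless @session
    seal_photo(@session, name, image)
  end

  def review(name, blob)
    raise 'camera is off: no session key' unless @session
    open_photo(@session, name, blob)
  end

  def power_off
    @session = nil # after this the camera cannot read its own card
  end
end

# Home side: only the holder of the private key can unwrap the session key.
def decrypt_at_home(private_key, wrapped_key, name, blob)
  open_photo(private_key.private_decrypt(wrapped_key, OAEP), name, blob)
end

if $PROGRAM_NAME == __FILE__
  home = OpenSSL::PKey::RSA.new(2048) # constructed key pair, never on the camera
  cam = Camera.new(home.public_key)
  blob = cam.save('IMG_0001.JPG', 'constructed sample image bytes')
  cam.power_off
  puts decrypt_at_home(home, cam.wrapped_key, 'IMG_0001.JPG', blob)
end
```

No passphrase is entered on the camera at any point: the only secret that needs protecting is the private key, which stays off the device.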